Below is the list of Black Hat USA 2025 Briefings Tracks.
If your proposal doesn't align with a specific track, simply select “Unsure” in the track field in the CFP Submission Portal. The review board will review your submission and assign it to the most appropriate track.
Learn more about the CFP Submission Process.
The AI, ML, & Data Science track covers these topics in a way that provides value for security professionals. Topics for the track can range from attacking and defending systems implementing AI to applying AI for better attacks, defenses, or detections. Submissions for the track should have the AI/ML/DS functionality playing a key role in the submission. Submissions where this functionality plays a minor role belong in another track. Regardless of the topic, the content for the track should focus heavily on applied concepts that attendees can use after the conference is over.
The Application Security: Defense track focuses on presentations that help security practitioners and development teams build more secure software. We are keen for objective, data-driven, outcome-based research or case studies around secure development practices, accompanied by actionable recommendations attendees can use to improve their software security programs.
This is where you'll hear fresh, practical perspectives on the Secure Development Lifecycle (SDLC), DevSecOps, software supply chain, automated security testing, and similar topics. Preference will be given to scalable, battle-tested ideas with empirical data to demonstrate outcomes. Tool releases should be broadly applicable and non-commercial.
Note: Infrastructure-as-Code (IaC) submissions are welcome if they demonstrate techniques for securing IaC-related code as opposed to defending the platforms themselves; the latter falls under Cloud Security OR Platform Security.
The Application Security: Offense track focuses on presentations that advance the state of the art in software vulnerabilities. Broad-based, novel attacks against web applications, web technologies, programming languages/ecosystems, and decentralized apps are welcome here. The focus should be on discovery and exploitation of application-layer attacks in custom software as opposed to discrete vulnerabilities in web servers, web browsers, etc. unless those vulnerabilities are implementation-dependent. This is where you'll learn about new attack surface or about more effective/creative techniques for attacking known vulnerability patterns. Tool releases should be broadly applicable and non-commercial.
Note: Firmware submissions fall under the Hardware/Embedded track. Infrastructure-as-Code (IaC) submissions are welcome if they demonstrate attacks against IaC-related code as opposed to the platforms themselves; the latter falls under Cloud Security OR Platform Security.
The Cloud Security track showcases talks on the most cutting-edge ways to attack and defend cloud environments. This includes previously unseen methods targeting cloud providers such as Azure, AWS, and GCP, as well as cloud-native technologies like containers and orchestration systems, microservices, and serverless architectures. We welcome talks on novel approaches for cloud identity and access management, data exfiltration, privilege escalation, lateral movement, and other unprecedented implementations of techniques for attacking and securing cloud infrastructures. Do you have new research in this area? Join our panel of experts and submit your talk proposal to share your knowledge and shape the future of cloud security.
The Briefings Community & Career Track has been discontinued. However, Black Hat offers a robust Community Program open to all Briefings, Business, and Trainings pass holders. The program fosters idea sharing and meaningful discussions on critical issues impacting the cybersecurity community hosted by members of the cyber community. If you have a topic suggestion, please contact community@blackhat.com
The Cryptography track aims to do for cryptography what Black Hat's Exploit Development track does for software security: to be the industry's premiere venue for practical, real-world advances in cryptography informed by an attacker's sensibility. A Black Hat Cryptography Track talk will almost always be backed up with running code. We prize offensive cryptography and cryptanalysis but will host defensive and research cryptography when rooted in a context of real-world attacks. We're an especially good place to send new vulnerabilities in cryptographic protocols like TLS, cryptographic hardware like HSMs and smart cards, and cryptographic primitives like SHA-1.
A cyber-physical system (CPS) is any system where one or more computing elements monitor and control a physical process. Topics for this track may include industrial control systems, industrial/enterprise/commercial IoT devices, wearable IoT devices, various types of self-driving vehicles, satellite applications, solutions for smart homes/buildings/cities, and more. These systems are inherently linked to threat models and attacker objectives that impact the underlying physical processes. Consequently, the submissions in this track should address vulnerabilities, attacks, and defense recommendations that encompass both digital/cyber and physical elements of the CPS. The submission may focus on specific types of cyber-physical systems, their components, or the entire CPS concept, emphasizing systemic offensive and defensive security issues. Note that CPS topics with a prominent research component focused on hardware/firmware or data may be better aligned with other primary tracks, such as Hardware/Embedded or AI, ML & Data Science.
Defense & Resilience is the track for defensive engineering that directly disrupts attacker capability. We focus on preventive, architectural, and mitigation driven innovations that make exploitation harder, containment faster, and attacker tooling less effective. The focus is on universally applicable techniques and should rely or implicate a commercial product or service. Defensive innovations include isolation technologies (micro VMs, CHERI like models, browser or site isolation, sandboxing frameworks), exploit mitigations (CFI, memory tagging, hardening), defensive disruption techniques that interfere with attacker toolchains or automation, and cross environment defensive systems that reshape the economics of attack—such as automated containment, pre exploitation risk scoring, exploit path pruning, ephemeralization, or moving target defenses. If your research reduces the feasibility, reliability, or impact of exploitation before or during an attack, this is the right track. This track does not cover detection engineering, telemetry correlation, SIEM/EDR analytics, enterprise attack chains, identity abuse, OS/firmware/hypervisor mitigations, AppSec SDLC or secure coding practices, or cloud native IAM and attack paths.
Enterprise Security is a track that covers the complex interactions between networks, identity providers, servers, client endpoints, data storage and all other components that comprise a modern enterprise IT footprint across its operating environment. It covers attack chains that cascade across corporate resources, analysis of targeted attacks, along with current risks, threats, and defense techniques. If it's new research targeting systems used to run organizations rather than the applications they provide or the operating systems themselves, the Enterprise Security track is probably a natural home for it.
The Exploit Development & Vulnerability Discovery track focuses on leading-edge, practical techniques for gaining code execution or similar unauthorized access to software. Successful submissions often share novel approaches to vulnerability discovery, new exploit techniques or mitigation bypasses. Submissions that present attacks against 'hard' targets that lack known techniques are often the most successful. Submissions shouldn't be constrained to memory safety issues, but these often resonate with the Black Hat audience.
Submissions are welcome across a wide array of technology, including mobile devices, cloud and browsers, though this track focuses on novel exploitation and vulnerability discovery techniques. Submissions without this focus should be submitted to the relevant track for the technology they target, for example, Mobile, Hardware, Cyber-physical Systems, Platform Security, etc. Submissions on post-exploitation should be submitted to the Malware track.
The Hardware / Embedded track explores the forefront of hardware, firmware, and embedded device security, embracing the golden age of hardware design and manufacturing. This track highlights innovative research from silicon-level security all the way up to the unique challenges posed by exotic hardware, IoT/OT, autonomous vehicles, robotics, medical devices, and voting machines. Whether you’re uncovering vulnerabilities, creating purpose-built devices, or hacking hardware in unexpected ways, we want to hear about it. And if you’ve found a way to improve on implants beyond the infamous “grain of rice,” we’re all ears. This is your chance to showcase how you're pushing the boundaries of what’s possible in this exciting era of hardware innovation.
The Human Factors track focuses on the impact of humans to security: how their decisions can affect their security or the security of the organization, and how engineering and technology can help. This includes the way people make decisions and how to influence those decisions as an attacker or defender. It also includes how to reduce their cognitive load and the organizational (and potentially economic) factors that surround those decisions. (The regulatory forces might be better in the Policy track.) This track welcomes submissions on how to get individuals or groups to act against their interest, including the use of disinformation or misinformation. This track is open to new and original ideas about use of generative AI insofar as they manipulate or influence people. It also welcomes new ways to strengthen technology and other solutions to decrease harm. This track is not about career development, BOFH stories, sploits to make the browser draw a fake UI, or simple ploys like buying a UPS outfit or using voice cloning or deepfake video.
The Malware track focuses on both the defensive and offensive aspects of malware development. The defensive malware talks are centered around current malware: analysis, anti-analysis techniques, detection, remediation, and technical discussions on bypasses or broken functionality within anti-malware tools. The offensive malware talks are centered around: malware development, novel execution techniques, and obfuscation. We are most interested in talks that detail prevailing malicious attacks, recent attacks with high impact, malware targeting newer platforms, or new techniques on both the offensive and defensive side of malware development without a product pitch.
The mobile track encompasses everything mobile, including all layers of phones (OS, baseband, hardware, software, apps), mobile infrastructure, mobile device management, telecommunications protocols, GPS, etc. Talks in this track should cover a security feature, novel technique, new concept or research unique to the mobile space. Submissions where mobile is only one of many use cases, are generally not suitable for this track.
Talks in this track should tackle network defense issues related to protecting users or assets. Traditionally, this includes the vast array of NIDS, HIDS, IPS, SEIM, Firewalls, VPNs, etc., as well as the hardware components, like routers, switches, Wi-Fi and so on. Cloud computing networks and more exotic networks, like CAN Bus, ad-hoc networking and so on are included. We are looking specifically for novel means of deployment, detection, correlation, or protection of attacks that is both unique and ideally practical for use in protecting networks. Attendees of Network track talks should walk away with ideas on how to defend themselves and a better understanding of the threat landscape with ideas on areas to research.
The Platform Security track focuses on new and novel security issues affecting the full system platform stack (hardware, firmware, hypervisor, and operating system) of general-purpose computing platforms powering modern client and server environments. Topics well-suited to this track include innovative research on: software attacks against modern client and server operating systems; hypervisor and firmware vulnerabilities; security coprocessor and secure enclave weaknesses in modern CPU and System-on-Chip architectures; microarchitectural and hardware-enabled attacks against CPU, memory, or other subsystems; weaknesses in platform roots of trust; and supply chain security issues with platform-level impact, such as build system compromises or exploitation of pervasive open source vulnerabilities. This track also encourages presentations on novel defenses that feasibly mitigate presently known or unknown instances of these classes of attacks to protect the platform at scale.
Submit your talk to the Policy track if it explores information security across organizations and generally aren't a fix you code or plug in: everything from political, technology, or economic policies to technical standards, laws, and norms of behavior. We welcome your research and findings about security impacts of policy or legislation; unintended consequences of policy or technical choices; metrics for assessing whether attacker or defenders have the upper hand; and proposed public policies against new or stubborn security threats or those requiring coordination at scale. Successful submissions will include novel insights, backed by actual research, not just soap-box opinions or complaints. This track is not about success for a single organization, such as with corporate policies or compliance, which typically belong in the Enterprise track, or human-centered talks, which belong in Human Factors.
The Privacy track is intended to highlight new research into privacy vulnerabilities and ideas that help build products & solutions with privacy in mind. Examples of technical topics particularly suited to the Privacy track might include privacy-by-design, new attacks on privacy-preserving technology systems, subversion of privacy compliance management systems to benefit attackers, new de-masking/deanonymization methods, or the exploitation of unique vulnerabilities arising from privacy considerations. Attorneys who submit may benefit from having a technical co-author. The Privacy track is not intended to be a substitute for the Cryptography, Policy, or any other track, but rather to complement them.
"Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made and reproducing it or reproducing anything based on the extracted information." — Eldad Eilam
Talks in the Reverse Engineering Track may include subjects such as vulnerability discovery, data visualization, advanced exploitation techniques, bypassing security and software protections, and reverse engineering of hardware, software, and protocols. These talks present a fundamental deep dive into the subject matter and unveil novel reverse engineering learnings.
The Threat Hunting & Incident Response track will consist of topics and techniques used to assist defenders in responding to a variety of security incidents in on-premise, hybrid, and cloud environments. These topics may include, but aren't limited to, identification of compromised systems, digital evidence collection, network, host, malware analysis, threat intelligence, detection engineering and threat hunting. Focus should be on techniques and procedures that can help defenders understand how an attack unfolded, if and when a breach occurred, and how it can be prevented in the future.
